OpenWrt Forum Archive

1) That OpenVPN HowTo in the OpenWRT wiki didn't work for me on 0.9 Final. The router accepted all of the configuration settings and it appeared as if the OpenVPN process successfully started up, but I could never get my router to dish out an ip address over the tunnel. See: http://forum.openwrt.org/viewtopic.php?id=9601

2) OpenVPN uses SSL, not L2TP or IPSEC. From openvpn.net:

Does OpenVPN support IPSec or PPTP?

There are three major families of VPN implementations in wide usage today: SSL, IPSec, and PPTP. OpenVPN is an SSL VPN and as such is not compatible with IPSec, L2TP, or PPTP.

The IPSec protocol is designed to be implemented as a modification to the IP stack in kernel space, and therefore each operating system requires its own independent implementation of IPSec.

By contrast, OpenVPN's user-space implementation allows portability across operating systems and processor architectures, firewall and NAT-friendly operation, dynamic address support, and multiple protocol support including protocol bridging.

There are advantages and disadvantages to both approaches. The principal advantages of OpenVPN's approach are portability, ease of configuration, and compatibility with NAT and dynamic addresses. The learning curve for installing and using OpenVPN is on par with that of other security-related daemon software such as ssh.

Historically, one of IPSec's advantages has been multi-vendor support, though that is beginning to change as OpenVPN support is beginning to appear on dedicated hardware devices.

While the PPTP protocol has the advantage of a pre-installed client base on Windows platforms, analysis by cryptography experts has revealed security vulnerabilities.

(Last edited by tpdean on 12 Mar 2007, 14:32)